July 17, 2024 Release
Juniper Security Director Cloud New Features: July 17, 2024
SRX
Support for MNHA pairs—You can now add multinode high availability (MNHA) pairs to Juniper Security Director Cloud and centrally manage the SRX Series firewalls by using the Juniper Security Director Cloud portal. MNHA pairs are supported only for brownfield deployments. [See Add Standalone Devices, Device Clusters, or MNHA Pair Devices Using Commands.]
Security metadata streaming—You can now create metadata streaming policies and DNS cache to protect your network from advanced threats. A metadata streaming policy protects the network from domain generation algorithm (DGA) based attacks on DNS packets, DNS tunnels, and threats through HTTP requests. A DNS cache compares request domains against a list of allowed and blocked domains. [See Metadata Streaming Policies.]
Support for cloud-ready SRX Series firewalls (SRX4300)—You can now add cloud-ready SRX4300 firewalls to Juniper Security Director Cloud and centrally manage them by using the Juniper Security Director Cloud portal. [See Add Devices to Juniper Security Director Cloud.]
Flow-based antivirus—You can now create a flow-based antivirus profile that finds and stops security threats as they happen in real time. Flow-based inspection usually uses fewer processing resources than proxy-based inspection. It also does not modify packets unless a threat is detected and the packets are dropped. You can set up global flow-based antivirus settings and use these settings for multiple devices. You can also view flow-based antivirus detection events on the Threats page, on the All Security Events page, and in the Logs report. [See About the Flow-Based Antivirus Profiles Page.]
ICAP redirect—You can now create an ICAP redirect profile to allow the ICAP server to process request messages, response messages, fallback options and so on, for the permitted traffic. You can assign the profile as an application service in the security policy. [See About the ICAP Redirect Profile Page.]
Shared Services
SSL initiation profile—You can now create an SSL initiation profile to configure settings for the SSL-initiated connections. The profile includes the list of supported ciphers and their priority, the supported versions of SSL/TLS, and a few other options. [See About the SSL Initiation Profile Page.]
Administration
Role mapping for SSO users—You can add and manage SSO users and roles in the Juniper Security Director Cloud portal. You can assign a default role to all SSO users. You can also create custom roles and map them to the roles that are created for the users in your identity provider (IdP). [See Role Mapping.]
Approve or reject device onboarding requests—You can enable prompts to approve or reject device onboarding requests through zero-touch provisioning (ZTP). Use this feature to make sure you add only devices with valid serial numbers to Juniper Security Director Cloud. [See Approve or Reject Onboarding Requests for ZTP Devices.]
Secure Edge New Features: July 17, 2024
Monitor
Secure Edge reports—You can see information about the logs that are sent to an external security information and event management (SIEM) server, such as how many log streaming licenses are assigned and used and how much data is streamed in logs, in the Secure Edge reports. [See About the Secure Edge Reports Page.]
Identity
Authentication frequency settings—You can now decide when users’ web browser cookies expire by configuring how frequently users must authenticate their access to Juniper Secure Edge. This configuration gives you control over users' access to the portal. [See About the Authentication Settings Page.]
Security Subscriptions
CASB inline cloud application—You can configure rules to control activities on the cloud applications for a Cloud Access Security Broker (CASB) profile. Juniper Secure Edge supports the following newly added cloud applications and features:
- Amazon EFS—Login, Upload, Download, Create, Delete, and Edit
- Amazon S3—Login, Upload, Download, Create, and Delete
- GitHub—Login, Upload, Download, Create, View, and CreateRepo
- Microsoft OneDrive Personal—Login, Upload, Download, and Share
- Microsoft Teams—Chat, Audio/Video, and File Transfer
[See Add Rules to a CASB Profile.]
CASB profile rules—You can now:
- Click the application/application group name, activities, or application instances on the CASB Rules page to view the details on the configured activities and application instances.
- Select either Cloud application group or Cloud applications under Cloud Applications on the CASB Rules page.
[See About the CASB Rules Page and Add Rules to a CASB Profile.]
Service Management
Protected networks using address groups in sites—You can now give access to groups of IP addresses as protected networks while creating a new site, in addition to specifying IP address ranges. You can also create new address groups to include them in the new site. This new option enables you to add protected networks based on address groups rather than manually adding IP addresses or IP address ranges. [See Create a Site.]
Integrating Mist with Juniper Security Director Cloud—Customer administrators can now configure tunnel keepalives between customer-premises equipment (CPE) and Juniper Secure Edge from the Mist console. After you enable an external probe for a site, Juniper Secure Edge automatically creates a shared address object and a security firewall policy that allows the probes to pass through. [See About the External Probe Page.]
Administration
Log compression before streaming—You can now choose to compress logs using GZip before streaming the logs to Microsoft Azure. To use this feature, you must select the Azure Logic App SIEM server connection type in a log stream. [See Add a Log Stream.]
Back up logs at a cloud-based location—You can now configure a cloud-based location where your SRX Series Firewall and Secure Edge logs are backed up. Only paid subscribers with a Juniper Security Director Cloud, a Juniper Secure Edge, or a storage license can use this backup option. [See About the Organization Page.]
API security—Customer administrators can now allow specified users to access protected services or resources using access tokens. Log in to the Juniper Security Director Cloud portal, navigate to Administration > API Security, and configure API security. We currently support the API key and OAuth token security mechanisms.
Juniper Secure Edge supports Swagger 2.0 REST API specifications in JSON format. To access the Swagger API specification, open a web browser and enter https://base-url/sd-swagger/, where base-url is the root address of the website or application. You can access APIs for the following functions:
- Identity and access management (IAM)
- PAC Manager
- Service Location
- Sites
While IAM APIs are available to both Juniper Secure Edge customers and SRX Series firewall customers, the PAC Manager, Service Location, and Sites APIs are available only to Juniper Secure Edge customers.
[See About the API Security Page.]